Debian LTS Essential and Critical Security Patch Updates - Page 133
Find the information you need for your favorite open source distribution.
Maor Shwartz, Jeremy Heng and Terry Chia discovered two security vulnerabilities in Graphicsmagick, a collection of image processing tools.
Several vulnerabilities were discovered in bchunk, a tool to convert a CD image in .bin/.cue format into a set of .iso and .cdr/.wav tracks. It was possible to trigger a heap-based buffer overflow with a resultant invalid free when processing a malformed CUE (.cue) file.
Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to crashes or the execution of arbitrary code.
This update includes the changes in tzdata 2017c for the Perl bindings. For the list of changes, see DLA-1156-1. For Debian 7 "Wheezy", these problems have been fixed in version
This update includes the changes in tzdata 2017b. Notable changes are: - Northern Cyprus resumed EU rules starting 2017-10-29. - Namibia will switch from +01 with DST to +02 all year, affecting
Multiple vulnerabilities were found in graphicsmagick. CVE-2017-14103
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.
A vulnerability was found in how WPA code can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities:
CVE-2017-13089 Fix stack overflow in HTTP protocol handling. CVE-2017-13090
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
The exiv2 library is vulnerable to multiple issues that can all lead to denial of service of the applications relying on the library to parse images' metadata.
Multiple vulnerabilities have been found in zoneminder. This update fixes only a serious file disclosure vulnerability (CVE-2017-5595). The application has been found to suffer from many other problems
mosquitto's persistence file (mosquitto.db) was created in a world-readable way thus allowing local users to obtain sensitive MQTT topic information. While the application has been fixed to set proper permissions by default, you still have to manually fix
Brian Carpenter, Geeknik Labs, 0xd34db347, and independently the OSS-Fuzz project, reported an out-of-bounds read during IMAP FETCH response handling.
Multiple vulnerabilities have been found in libav: CVE-2015-8365
Multiple vulnerabilities have been discovered in Ming: CVE-2017-11704
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible
Immediately after the previous update to graphicsmagick, two more security issues were identified. These updates are included here.
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss